Friday, July 24, 2009

Botnet Attack Details from Kaspersky

One of the good folks over at Kaspersky Lab, Yury Namestnikov, has written a great white paper about the worldwide botnet “industry.” The story was picked up by Computer Weekly, which published a good summary of it.

The financial “highlights” of the ill-gotten gains from botnets (from Computer Weekly):

• Hiring a botnet for DDoS attacks costs from $50 to thousands of dollars for a continuous 24-hour attack.
• Stolen bank account details vary from $1 to $1,500 depending on the level of detail and account balance.
• Personal data capable of allowing the criminals to open accounts in stolen names costs $5 to $8 for US citizens; two or three times that for EU citizens.
• A list of one million email addresses costs between $20 and $100; spammers charge $150 to $200 extra for doing the mailshot.
• Targeted spam mailshots can cost from $70 for a few thousand names to $1,000 for tens of millions of names.
• User accounts for paid online services and games stores such as Steam go for $7 to $15 per account.
• Phishers pay $1,000 to $2,000 a month for access to fast flux botnets.
• Spam to optimize a search engine ranking is about $300 per month.
• Adware and malware installation ranges from 30 cents to $1.50 for each program installed. But rates for infecting a computer can vary widely, from $3 in China to $120 in the US, per computer.

And what makes this all possible? There are tens of millions of PCs available to botnet operators because of bad computer security on machines in homes and bad security practices by the people who use them.

About Me

He is involved in Application Security Consulting and establishing App Security across SDLC. He also conducts security workshops for the developer community. Besides interest in App Security, he likes Performance Testing and tuning of web applications.